Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/767/KzxPrZsNmlG9fHcuHEAELhTildI.roa
File: KzxPrZsNmlG9fHcuHEAELhTildI.roa (raw, json)
Hash identifier: lKTisdtJ9wopA8c02OL0FrfptSw09OytCXCrsSw4ZJ4=
Subject key identifier: 2B:3C:4F:AD:9B:0D:9A:51:BD:7C:77:2E:1C:40:04:2E:14:E2:95:D2
Certificate issuer: /CN=CC8CF726F2323299108744D6930BEF18D677445D
Certificate serial: 15FF
Authority key identifier: CC:8C:F7:26:F2:32:32:99:10:87:44:D6:93:0B:EF:18:D6:77:44:5D
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/zIz3JvIyMpkQh0TWkwvvGNZ3RF0.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/767/KzxPrZsNmlG9fHcuHEAELhTildI.roa
Signing time: Fri 17 Jan 2025 01:27:28 +0000
ROA not before: Fri 17 Jan 2025 01:27:28 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 18464
IP address blocks: 2403:3d80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5631 (0x15ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CC8CF726F2323299108744D6930BEF18D677445D
Validity
Not Before: Jan 17 01:27:28 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=2B3C4FAD9B0D9A51BD7C772E1C40042E14E295D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a2:d9:7a:d4:3f:1a:f9:4b:9a:83:81:f5:87:
c5:77:b4:80:bd:8d:33:47:54:8c:11:ec:e6:53:0f:
f8:bf:6d:4c:a4:fb:29:1a:07:c3:16:55:ae:94:a3:
1c:ad:5f:35:ce:e5:73:d7:83:eb:37:e1:47:1c:37:
3c:ad:39:98:4f:2c:52:95:6a:63:f8:c9:5b:5e:90:
5b:91:9b:cd:19:18:42:ea:2e:35:65:b8:53:35:a1:
95:35:f6:63:50:37:c6:dc:25:36:05:5c:d2:c5:87:
c3:34:01:0b:72:5a:a6:8e:bf:a2:4f:21:7f:08:02:
8b:68:76:c9:36:b2:ea:dc:38:11:3d:cd:92:1d:a5:
a6:72:b4:1e:68:48:7f:ea:30:3c:1d:fd:a7:89:67:
27:39:c7:17:bd:6e:a7:ee:de:c0:aa:ca:5b:c3:cd:
77:8c:26:ec:ac:63:d7:72:83:4b:94:bc:07:50:9e:
c6:82:a4:99:22:f5:1f:89:1a:cb:36:54:da:34:0a:
3f:c5:7f:8c:8b:5e:ba:ea:2c:a5:b1:8a:ba:50:48:
50:0f:60:43:71:b4:6c:1c:ba:59:37:c4:e0:c1:20:
82:8a:ba:6b:f8:65:78:8d:50:f7:7d:41:da:f0:01:
f0:1c:75:5d:38:ef:c3:ff:c6:c3:18:6d:f5:21:be:
76:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:3C:4F:AD:9B:0D:9A:51:BD:7C:77:2E:1C:40:04:2E:14:E2:95:D2
X509v3 Authority Key Identifier:
keyid:CC:8C:F7:26:F2:32:32:99:10:87:44:D6:93:0B:EF:18:D6:77:44:5D
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/767/zIz3JvIyMpkQh0TWkwvvGNZ3RF0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/zIz3JvIyMpkQh0TWkwvvGNZ3RF0.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/767/KzxPrZsNmlG9fHcuHEAELhTildI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2403:3d80::/32
Signature Algorithm: sha256WithRSAEncryption
58:92:a8:1a:9b:6d:86:65:67:d7:b6:ad:cc:dd:4a:76:70:23:
b4:a3:a2:5e:27:67:9b:4b:1d:f0:9f:10:27:a7:7f:57:46:0d:
59:f1:a1:9e:c8:7c:e4:cf:77:1d:aa:36:24:16:62:e9:64:c3:
e2:21:6e:66:aa:d5:c9:a1:7b:35:ed:fc:87:28:e1:54:0f:01:
b3:25:a9:1b:f9:6b:50:82:19:92:4d:00:31:9d:71:94:05:6d:
5f:ec:e3:12:33:52:94:2c:86:fc:dc:ad:83:6a:c0:6d:6f:85:
00:b7:53:91:6c:80:2e:a6:f3:c1:15:93:73:63:a6:22:22:c7:
37:dd:06:d0:6a:63:24:39:4a:9e:c5:47:3c:22:d4:14:b8:55:
64:b1:07:6a:52:f8:ce:56:81:98:4f:1f:c9:2d:d1:7f:ca:c4:
f6:75:92:98:b6:04:ed:80:fc:9e:b7:7c:19:a4:7d:f4:90:d2:
96:1b:93:49:d4:ff:1f:b8:54:2b:46:b4:21:28:e6:5f:3c:5c:
e2:04:5c:c5:8f:df:24:b4:9d:22:b6:71:69:4d:ff:47:c6:34:
b3:a3:89:4c:7d:08:c9:43:82:8b:6d:48:2e:f8:d7:70:ec:0f:
97:1a:b0:69:f8:13:fc:7d:7b:d0:3f:6d:fa:76:8e:58:4f:75:
44:fe:ec:11
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICFf8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQ0M4
Q0Y3MjZGMjMyMzI5OTEwODc0NEQ2OTMwQkVGMThENjc3NDQ1RDAeFw0yNTAxMTcw
MTI3MjhaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDJCM0M0RkFEOUIwRDlB
NTFCRDdDNzcyRTFDNDAwNDJFMTRFMjk1RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCootl61D8a+Uuag4H1h8V3tIC9jTNHVIwR7OZTD/i/bUyk+yka
B8MWVa6UoxytXzXO5XPXg+s34UccNzytOZhPLFKVamP4yVtekFuRm80ZGELqLjVl
uFM1oZU19mNQN8bcJTYFXNLFh8M0AQtyWqaOv6JPIX8IAotodsk2surcOBE9zZId
paZytB5oSH/qMDwd/aeJZyc5xxe9bqfu3sCqylvDzXeMJuysY9dyg0uUvAdQnsaC
pJki9R+JGss2VNo0Cj/Ff4yLXrrqLKWxirpQSFAPYENxtGwculk3xODBIIKKumv4
ZXiNUPd9QdrwAfAcdV0478P/xsMYbfUhvnYZAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUKzxPrZsNmlG9fHcuHEAELhTildIwHwYDVR0jBBgwFoAUzIz3JvIyMpkQh0TW
kwvvGNZ3RF0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzY3
L3pJejNKdkl5TXBrUWgwVFdrd3Z2R05aM1JGMC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvekl6M0p2SXlNcGtRaDBUV2t3dnZHTlozUkYwLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzY3L0t6eFByWnNObWxHOWZI
Y3VIRUFFTGhUaWxkSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcD
BQAkAz2AMA0GCSqGSIb3DQEBCwUAA4IBAQBYkqgam22GZWfXtq3M3Up2cCO0o6Je
J2ebSx3wnxAnp39XRg1Z8aGeyHzkz3cdqjYkFmLpZMPiIW5mqtXJoXs17fyHKOFU
DwGzJakb+WtQghmSTQAxnXGUBW1f7OMSM1KULIb83K2DasBtb4UAt1ORbIAupvPB
FZNzY6YiIsc33QbQamMkOUqexUc8ItQUuFVksQdqUvjOVoGYTx/JLdF/ysT2dZKY
tgTtgPyet3wZpH30kNKWG5NJ1P8fuFQrRrQhKOZfPFziBFzFj98ktJ0itnFpTf9H
xjSzo4lMfQjJQ4KLbUgu+Ndw7A+XGrBp+BP8fXvQP236do5YT3VE/uwR
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:37:59 2025 by rpki-client